Laptop infected with Virus

rayoflight

New member
My laptop is infected with a virus. I had McAfee, but it was just hanging, so I uninstalled it completely and bought Norton 360. Norton did some cleanup, but the laptop is still slow and hangs after 20 or 30 minutes.

Please help...
 
Ok. Let's have a look at it then.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the "download exe" button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab, uncheck the files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
 
Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Copy-paste the following contents into the custom scan area:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT
Current User Name: LT
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MSK80Service) -- File not found
SRV - (MpfService) -- File not found
SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McODS) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Service1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe (Mercury Interactive)
SRV - (LogonService1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe (Mercury Interactive)
SRV - (OtaPool) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe (Mercury Interactive)
SRV - (ExpressionService) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe ()
SRV - (TDStartStopService) -- C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe (Mercury Interactive)
SRV - (SiteScope) -- C:\Inetpub\TDBIN\SiteScope\tools\sitescopeservice.exe ()
SRV - (MSSQLSERVER) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (CheckTestDirectorUserAccount) -- C:\Program Files\Common Files\Mercury Interactive\CheckU.exe (Mercury Interactive)
SRV - (TomcatService) -- C:\Inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\naveng.sys (Symantec Corporation)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (paldrv) -- C:\WINDOWS\system32\pal_drv.sys (Mercury Interactive Corp.)
DRV - (PID_0900_V) Logitech ClickSmart 310(PID_0900_V) -- C:\WINDOWS\system32\drivers\LV551AV.sys (Logitech Inc.)
DRV - (LVBulk) -- C:\WINDOWS\system32\drivers\LVBULK.sys (Logitech Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "JobSearch - Dice.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6030.2009.0514.2202
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6030.2009.0514.2205
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.2.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 16:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:13:29 | 000,000,000 | ---D | M]

[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions
[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/05/02 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions
[2010/01/10 12:53:19 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/08/20 22:14:11 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009/08/13 18:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/10 12:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/20 22:15:29 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/01/10 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com
[2009/02/11 16:27:36 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\jobsearch---dicecom.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\MySpace.xml
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/03/06 13:06:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/03/06 13:06:02 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/03/06 13:07:42 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/06/24 11:08:26 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2009/03/06 13:06:14 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/04/29 19:21:23 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\LT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] https in Trusted sites)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab (HPVirtualRooms33 Class)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://LT/TDBIN/Spider80.ocx (Loader Class v2)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://vpn.amtrak.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.amtrak.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://10.11.50.178/qcbin/capicom.dll (Certificates Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.amtrak.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://mssepmapp01/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.amtrak.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204 (F5 Networks Policy Agent Host Class)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} http://LT:8080/qcbin/Spider90.ocx (Loader Class v3)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://mssepmapp01/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://10.11.50.178/qcbin/Spider91.cab (Loader Class v4)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.amtrak.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210 (F5 Networks SuperHost Class)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.amtrak.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213 (F5 Networks OS Policy Agent)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell - "" = AutoRun
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 19:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
 
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 10:06:49 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/04 22:11:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 22:11:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 20:31:14 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/04 20:31:13 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/04 20:31:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/04 20:31:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/04 20:31:07 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/04 20:31:07 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/04 20:31:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 20:30:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/04 20:30:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/04 20:29:50 | 000,000,000 | ---D | C] -- C:\Anti_Virus_SW
[2010/05/04 19:16:08 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.sys
[2010/05/04 19:16:08 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdi.sys
[2010/05/04 19:16:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdiv.sys
[2010/05/04 19:16:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.sys
[2010/05/04 19:16:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.sys
[2010/05/04 19:16:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.sys
[2010/05/04 19:16:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\Ironx86.sys
[2010/05/04 19:16:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.sys
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0401000.020
[2010/05/04 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/05/04 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/02 12:39:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/01 21:12:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/01 21:12:39 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/01 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/05/01 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/01 21:07:05 | 000,408,024 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/01 20:13:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/01 20:13:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/01 18:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/01 18:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/01 11:35:15 | 000,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/05/01 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\ARManager
[2010/05/01 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
[2008/02/23 01:27:34 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 09:50:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 09:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 09:48:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/20 20:34:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
[2010/05/20 20:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
[2010/05/20 20:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LT\Local Settings\Application Data\WavXMapDrive.bat
[2010/05/20 20:27:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 20:26:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 20:20:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/20 20:20:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/05 07:54:28 | 006,766,592 | ---- | M] () -- C:\Documents and Settings\LT\ntuser.dat
[2010/05/05 07:54:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LT\ntuser.ini
[2010/05/04 22:11:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 20:31:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 20:31:08 | 000,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 19:16:57 | 001,205,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/04 19:16:22 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/04 19:16:22 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/04 19:16:22 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/04 19:16:11 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:04 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 00:56:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/03 00:33:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/01 21:07:08 | 000,408,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:50:26 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 20:50:26 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/01 16:37:53 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Google Chrome.lnk
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/01 11:35:15 | 000,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 027,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:44 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 11:34:44 | 000,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/26 13:16:22 | 000,003,844 | -H-- | M] () -- C:\Documents and Settings\LT\My Documents\Default.rdp
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 20:28:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/20 20:28:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/04 22:11:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 20:31:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 19:16:37 | 001,205,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:11 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:49 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.inf
[2010/05/04 19:15:49 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.inf
[2010/05/04 19:15:49 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNetV.inf
[2010/05/04 19:15:49 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.inf
[2010/05/04 19:15:49 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.inf
[2010/05/04 19:15:49 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.inf
[2010/05/04 19:15:49 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Iron.inf
[2010/05/04 19:15:48 | 000,001,754 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\ccHPx86.inf
[2010/05/04 19:15:46 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\symnetv.cat
[2010/05/04 19:15:46 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.cat
[2010/05/04 19:15:46 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\iron.cat
[2010/05/04 19:15:46 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.cat
[2010/05/04 19:15:46 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.cat
[2010/05/04 19:15:46 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.cat
[2010/05/04 19:15:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\isolate.ini
[2010/05/01 21:12:39 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/01 21:12:39 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/01 21:07:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/01 19:39:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 19:39:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 11:34:44 | 027,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:34:44 | 000,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/05/01 11:34:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 10:12:53 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/26 11:49:24 | 006,766,592 | ---- | C] () -- C:\Documents and Settings\LT\ntuser.dat
[2009/08/20 22:22:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/06/15 12:44:53 | 000,001,106 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/12/22 21:53:01 | 000,004,534 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/08/21 14:17:27 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/08/21 14:16:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2008/08/21 14:16:07 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2008/08/21 14:16:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2008/08/21 14:16:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/08/21 14:16:05 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/04/12 15:54:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\isapi_redirect.dll
[2008/04/12 15:46:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 15:46:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 15:45:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 15:45:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 15:45:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/09 14:29:37 | 000,000,204 | ---- | C] () -- C:\WINDOWS\coparamui.INI
[2008/03/09 14:14:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\LRAnalysis80.ini
[2008/03/09 13:46:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\OnlineSet.ini
[2008/03/09 13:46:05 | 000,000,242 | ---- | C] () -- C:\WINDOWS\wlrun5.ini
[2008/03/09 13:46:02 | 000,003,170 | ---- | C] () -- C:\WINDOWS\wlrun7.ini
[2008/03/09 11:06:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\vugen_extra_keywords.ini
[2008/03/07 14:36:37 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\cfgams32.dll
[2008/03/07 14:07:34 | 000,005,382 | ---- | C] () -- C:\WINDOWS\vugen.ini
[2008/03/07 14:06:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\lrdata.ini
[2008/03/07 14:06:29 | 000,000,082 | ---- | C] () -- C:\WINDOWS\upload.ini
[2008/03/07 14:06:15 | 000,000,637 | ---- | C] () -- C:\WINDOWS\flights.ini
[2008/03/07 14:06:11 | 000,000,600 | ---- | C] () -- C:\WINDOWS\miccomm.ini
[2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/02 17:19:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/03/01 14:56:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
[2008/02/23 01:43:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/02/23 01:33:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/02/23 01:33:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/02/23 01:28:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wlrun.ini
[2008/02/23 01:27:44 | 000,008,231 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/02/23 01:27:35 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/02/23 01:27:35 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/02/23 01:27:35 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/02/23 01:27:34 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/02/23 00:50:26 | 000,002,281 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/02/14 01:05:18 | 000,000,707 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/07 10:15:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/07 10:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/07 10:09:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/07 09:59:40 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/07 09:57:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/07 09:57:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/07 09:53:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/07 09:53:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/07 09:31:31 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/07 09:31:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/07 09:28:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/04/20 09:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 09:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/04/19 19:50:00 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\SovConvAux.Dll
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\i064tai.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 19:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\yr4y7xl.dll
[2004/08/11 19:00:18 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 19:00:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\r5581gd.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\oeu5a2j.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\f06y75p.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bmiqa8g.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/04/01 02:00:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\carclw6s.DLL
[1999/11/05 20:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cfgamp32.dll
[1999/11/05 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\cfgamp16.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/01 20:49:43 | 000,086,460 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/12 23:34:03 | 000,053,248 | ---- | M] () -- C:\Avail QC Hours.xls
[2009/12/22 23:30:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/22 22:06:15 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2008/02/07 09:33:28 | 000,006,623 | RH-- | M] () -- C:\dell.sdr
[2008/11/29 01:58:20 | 000,035,725 | ---- | M] () -- C:\font.zip
[2008/02/15 20:22:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/06/15 16:44:21 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/08/21 14:14:42 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/01 19:41:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/09/25 13:30:52 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2006/09/25 13:30:52 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2008/08/12 23:30:06 | 001,266,432 | ---- | M] () -- C:\Misc.zip
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/09/25 13:30:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2009/02/08 19:38:41 | 000,000,104 | ---- | M] () -- C:\My Computer.lnk
[2009/06/12 09:05:55 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg
[2009/06/11 21:27:50 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg.bak
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 22:40:49 | 000,250,032 | ---- | M] () -- C:\ntldr
[2010/05/23 09:47:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/01 16:10:54 | 000,000,504 | ---- | M] () -- C:\rkill.log
[2009/01/03 14:39:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/01 03:05:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/01 23:38:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/02 02:32:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/02 21:23:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/17 21:13:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/17 22:26:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/17 23:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/08 03:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/09 15:39:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/10 01:47:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/11 01:41:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/11 18:25:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/12 00:36:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/13 02:50:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/14 03:25:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/14 12:17:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/01 00:30:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/15 16:42:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/16 00:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/03 14:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/01 03:05:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/01 23:38:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/02 02:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/02 21:23:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/17 21:13:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/17 22:26:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/17 23:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/08 03:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/09 15:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/10 01:47:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/11 01:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/11 18:25:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/12 00:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/13 02:50:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/14 03:25:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/14 12:17:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/01 00:30:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/15 16:42:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/16 00:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/08/21 15:36:30 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< End of report >
 
OTL Extras logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT
Current User Name: LT
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"37677:TCP" = 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP" = 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP" = 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent -- (Mercury Interactive Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- (Microsoft Corporation)
"C:\Program Files\Mercury Interactive\Mercury LoadRunner\launch_service\bin\magentproc.exe" = C:\Program Files\Mercury Interactive\Mercury LoadRunner\launch_service\bin\magentproc.exe:*:Disabled:Mercury Launcher Process -- (Mercury Interactive Corp.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\LT\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\LT\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- File not found
"C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- File not found
"C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{439C01D2-84A2-4421-9141-ED58FE79C6BE}" =
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5C01F86B-B888-4ABE-96AF-E35BF6564A19}" = Quest Software Toad for SQL Server Trial 4.1
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1528C5E-73E8-441E-8114-3811B4D34F41}" = Expense Calculator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}" = Quality Center Microsoft Excel Addin
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B47695F0-1082-11D5-AF69-00A0CC5FEE7C}" = MercuryTours
"{BD1EDA57-8294-47B7-B129-C3DF2FA95BA4}" = InstallMICGenericHook
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Celtx (2.7)" = Celtx (2.7)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Cricket Scorer_is1" = Cricket Scorer 5.5.4.0
"FileZilla Client" = FileZilla Client 3.3.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LoadRunner" = Mercury LoadRunner 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oovooToolbar" = ooVoo Toolbar
"P2P Tv Plugin_is1" = P2P Tv Plugin
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"SiteScope1DeinstKey" = SiteScope
"Slideroll Gallery AV_is1" = Slideroll Gallery AV 0.92b4
"Slideroll Video Creator_is1" = Slideroll Video Creator 0.83b
"SopCast" = SopCast 3.0.1
"SPVOD Player1.8" = SPVOD Player1.8
"ST6UNST #1" = cBizOne
"TeamViewer 4" = TeamViewer 4
"TestDirector 8.0" = TestDirector 8.0
"UnifiedReport" = Unified Report
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"WampServer 2_is1" = WampServer 2.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinRunner" = WinRunner
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 4:54:25 PM | Computer Name = LT | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:26:57 PM | Computer Name = LT | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/20/2010 8:28:06 PM | Computer Name = LT | Source = Google Update | ID = 20
Description =

Error - 5/20/2010 8:34:06 PM | Computer Name = LT | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/4/2010 8:12:43 PM | Computer Name = LT | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 5/12/2010 10:32:16 AM | Computer Name = LT | Source = DCOM | ID = 10020
Description = The machine wide Default Launch and Activation security descriptor
is invalid. It contains Access Control Entries with permissions that are invalid.
The requested action was therefore not performed. This security permission can
be corrected using the Component Services administrative tool.

Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID = 23
Description = Printer WebEx Document Loader failed to initialize because a suitable
HP Color LaserJet 4700 PCL 5c driver could not be found.

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%3

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%3

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%3

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service Control Manager | ID = 7000
Description = The McAfee Anti-Spam Service service failed to start due to the following
error: %%3


< End of report >
 
Hi,

Kindly turn word wrap off in Notepad to make logs appear in a more readable format.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include contents of the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

See if you're able to run DDS now and post back contents of dds.txt log if possible.
 
Hi Blade,

Please delete the above 3 posts as I forgot to uncheck the word wrap. Posting the logs again without word wrap.

Cheers,
Rayoflight
 
ComboFix 10-05-22.03 - LT 05/23/2010 13:29:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.545 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800\enemies-names.txt
c:\documents and settings\LT\Application Data\ARManager
c:\documents and settings\LT\Application Data\ARManager\languages\Czech.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Danish.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Dutch.lng
c:\documents and settings\LT\Application Data\ARManager\languages\English.lng
c:\documents and settings\LT\Application Data\ARManager\languages\French.lng
c:\documents and settings\LT\Application Data\ARManager\languages\German.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Italian.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Portuguese.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Slovak.lng
c:\documents and settings\LT\Application Data\ARManager\languages\Spanish.lng
c:\documents and settings\LT\Application Data\ARManager\languages\template.lng
c:\documents and settings\LT\Application Data\ARManager\wallpaper.jpg
c:\documents and settings\LT\Application Data\JuniperSetup.exe
c:\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat
c:\documents and settings\LT\g2mdlhlpx.exe
c:\program files\INSTALL.LOG
c:\windows\regsvr32.exe
c:\windows\system32\Cache
c:\windows\system32\vb40032.dll

Infected copy of c:\windows\system32\drivers\wmiacpi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 17:48 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5030:TCP"= 5030:TCP:Services
"3265:TCP"= 3265:TCP:Services
"6374:TCP"= 6374:TCP:Services
"3937:TCP"= 3937:TCP:Services
"5089:TCP"= 5089:TCP:Services
"8678:TCP"= 8678:TCP:Services
"3356:TCP"= 3356:TCP:Services
"5212:TCP"= 5212:TCP:Services
"2398:TCP"= 2398:TCP:Services
"3296:TCP"= 3296:TCP:Services

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
R2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
R2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 13:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8632C228]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7534fc3
\Driver\ACPI -> ACPI.sys @ 0xf73c7cb8
\Driver\atapi -> 0x8632c228
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x8639e5c0
PacketIndicateHandler -> NDIS.sys @ 0xf7220a0b
SendHandler -> NDIS.sys @ 0xf7234b31
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\waveGina.dll
c:\windows\system32\AmRes_en.dll
c:\windows\system32\OEM_Resources.dll
c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
c:\windows\system32\ATSC70.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system\tfmessbsp.dll

- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\windows\system32\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
c:\windows\system32\BioAPI100.dll
c:\windows\system32\BIOAPI_MDS300.dll
c:\windows\system32\AmRes_en.dll
c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll
c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
c:\windows\system\tfmessbsp.dll

- - - - - - - > 'Explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\inetpub\TDBIN\SiteScope\java\bin\java.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\inetpub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-05-23 13:56:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-23 17:56

Pre-Run: 77,760,942,080 bytes free
Post-Run: 77,737,537,536 bytes free

- - End Of File - - 8627318145D9FF863F7BA43D246510D8
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/13/2008 11:51:22 PM
System Uptime: 5/23/2010 1:46:43 PM (1 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 72.438 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP332: 2/2/2010 9:26:04 PM - System Checkpoint
RP333: 2/4/2010 9:14:22 PM - System Checkpoint
RP334: 2/8/2010 11:51:24 AM - System Checkpoint
RP335: 2/9/2010 3:45:41 PM - Restore Operation
RP336: 2/10/2010 6:30:20 PM - System Checkpoint
RP337: 2/11/2010 1:00:39 PM - Installed Citrix Presentation Server Client - Web Only
RP338: 2/12/2010 8:46:33 PM - System Checkpoint
RP339: 2/13/2010 1:03:59 AM - Software Distribution Service 3.0
RP340: 2/15/2010 1:32:54 PM - System Checkpoint
RP341: 2/16/2010 1:54:20 PM - System Checkpoint
RP342: 2/16/2010 10:56:55 PM - Software Distribution Service 3.0
RP343: 2/18/2010 3:49:46 PM - Restore Operation
RP344: 2/20/2010 10:57:18 AM - System Checkpoint
RP345: 2/21/2010 9:37:39 PM - System Checkpoint
RP346: 2/25/2010 8:46:14 AM - System Checkpoint
RP347: 2/27/2010 6:12:41 PM - System Checkpoint
RP348: 3/1/2010 9:58:45 PM - System Checkpoint
RP349: 3/2/2010 7:37:07 PM - Software Distribution Service 3.0
RP350: 3/3/2010 8:20:42 PM - System Checkpoint
RP351: 3/6/2010 3:04:13 PM - System Checkpoint
RP352: 3/10/2010 12:53:19 PM - System Checkpoint
RP353: 3/11/2010 8:39:35 PM - System Checkpoint
RP354: 3/12/2010 9:57:42 PM - Software Distribution Service 3.0
RP355: 3/13/2010 10:28:06 AM - Restore Operation
RP356: 3/14/2010 5:26:16 AM - Software Distribution Service 3.0
RP357: 3/17/2010 10:12:57 PM - System Checkpoint
RP358: 3/28/2010 2:27:43 PM - System Checkpoint
RP359: 4/3/2010 7:38:36 PM - System Checkpoint
RP360: 4/4/2010 8:53:09 PM - System Checkpoint
RP361: 4/5/2010 9:22:31 PM - System Checkpoint
RP362: 4/5/2010 10:09:46 PM - Software Distribution Service 3.0
RP363: 4/10/2010 6:51:25 PM - System Checkpoint
RP364: 4/11/2010 10:00:47 PM - System Checkpoint
RP365: 4/14/2010 11:24:43 AM - System Checkpoint
RP366: 4/17/2010 11:36:32 AM - System Checkpoint
RP367: 4/18/2010 1:31:33 PM - System Checkpoint
RP368: 4/19/2010 11:23:11 PM - Software Distribution Service 3.0
RP369: 4/26/2010 11:49:29 AM - System Checkpoint
RP370: 5/1/2010 9:51:33 AM - Software Distribution Service 3.0
RP371: 5/1/2010 10:53:53 AM - Restore Operation
RP372: 5/1/2010 11:33:48 AM - Installed AVG Free 8.0
RP373: 5/1/2010 6:54:28 PM - Installed AVG 9.0
RP374: 5/1/2010 8:12:53 PM - Installed Java(TM) 6 Update 20
RP375: 5/1/2010 8:20:09 PM - Installed AVG 9.0
RP376: 5/4/2010 8:30:35 PM - avast! Free Antivirus Setup

==== Installed Programs ======================


Ad-Aware
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
cBizOne
Celtx (2.7)
Cisco Systems VPN Client 4.8.01.0300
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Cricket Scorer 5.5.4.0
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Expense Calculator
Facebook Plug-In
FileZilla Client 3.3.1
Final Draft 7
Gemalto
GemSafe Standard Edition 5.1
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB937930)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
InstallMICGenericHook
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Juniper Citrix Services Client
Juniper Terminal Services Client
Logitech Desktop Messenger
Logitech ImageStudio
Malwarebytes' Anti-Malware
Mercury LoadRunner 8.0
MercuryTours
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Script Debugger
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MySpaceIM
NetWaiting
NTRU TCG Software Stack
Octoshape add-in for Adobe Flash Player
ooVoo Toolbar
P2P Tv Plugin
PowerDVD
Preboot Manager
Private Information Manager
Quality Center Microsoft Excel Addin
Quest Software Toad for SQL Server Trial 4.1
QuickSet
QuickTest Professional
QuickTime
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Secure Update
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Wizards
SigmaTel Audio
SiteScope
Skype™ 4.0
Slideroll Gallery AV 0.92b4
Slideroll Video Creator 0.83b
Sonic Activation Module
SopCast 3.0.1
SPVOD Player1.8
TeamViewer 4
TestDirector 8.0
Trusted Drive Manager
tsp patch
Unified Report
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WampServer 2.0
Wave Infrastructure Installer
Wave Support Software
WebEx
WebEx Meeting Manager for Firefox/Netscape/Chrome
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinRunner
Yahoo! BrowserPlus 2.7.1
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/23/2010 9:49:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP aswTdi BHDrvx86 ccHP Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/23/2010 12:45:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SymDS SymEFA SymIRON
5/23/2010 12:45:34 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the path specified.
5/23/2010 12:45:02 PM, error: Print [23] - Printer WebEx Document Loader failed to initialize because a suitable HP Color LaserJet 4700 PCL 5c driver could not be found.
5/23/2010 12:45:02 PM, error: Print [23] - Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.
5/23/2010 12:45:02 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/23/2010 12:45:02 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/23/2010 12:44:58 PM, error: DCOM [10020] - The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
5/23/2010 12:43:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2010 12:32:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/23/2010 12:30:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/23/2010 1:19:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SRTSPX SymDS SymEFA SymIRON SYMTDI
5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The ExpressionService service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The SiteScope service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:11:30 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/20/2010 8:27:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MPFP

==== End Of File ===========================
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by at 14:01:07.90 on Sun 05/23/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.460 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
C:\PROGRA~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
C:\InetPub\TDBIN\SITESC~1\tools\SITESC~1.EXE
C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\InetPub\TDBIN\SiteScope\java\bin\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe
C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
C:\WINDOWS\system32\dllhost.exe
C:\InetPub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Documents and Settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\LT\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [cdloader] "c:\documents and settings\LT\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\LT\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amtrak.com\vpn
DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://vpn.amtrak.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.amtrak.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.50.178/qcbin/capicom.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.amtrak.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.amtrak.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.amtrak.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://vpn.amtrak.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\logiqa~1\applic~1\mozilla\firefox\profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{3191e4ce-790e-42be-b2e0-223475263b7e}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-4 162768]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-4 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
R2 ExpressionService;ExpressionService;c:\program files\common files\mercury interactive\tdapiserver\ExpService.exe [2008-4-12 532548]
R2 LogonService1;LogonService1;c:\program files\common files\mercury interactive\tdapiserver\LogonService1.exe [2008-4-12 86016]
R2 OtaPool;OtaPool;c:\program files\common files\mercury interactive\tdapiserver\OTAPool.exe [2008-4-12 102400]
R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2008-2-23 10951]
R2 SiteScope;SiteScope;c:\inetpub\tdbin\sitesc~1\tools\SITESC~1.EXE [2008-4-12 45056]
R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\common files\mercury interactive\TDStartStop.exe [2008-4-12 1452032]
R2 TomcatService;TomcatService;c:\inetpub\tdbin\mtours\jakarta-tomcat-3.3\bin\TomcatService.exe [2008-4-12 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2009-3-31 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-5-4 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-5-4 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\Ironx86.sys [2010-5-4 116784]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 N360;Norton 360;c:\program files\norton 360\engine\4.1.0.32\ccSvcHst.exe [2010-5-4 126392]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\common files\mercury interactive\CheckU.exe [2008-4-12 342528]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20091105.001\IDSxpx86.sys [2010-5-4 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-4 38224]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-9 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-9 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-9 40552]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\naveng.sys [2010-5-4 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\navex15.sys [2010-5-4 1324720]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2008-8-21 220079]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
UnknownUnknown vkquwexg;vkquwexg; [x]

=============== Created Last 30 ================

2010-05-23 16:33:26 98816 ----a-w- c:\windows\sed.exe
2010-05-23 16:33:26 77312 ----a-w- c:\windows\MBR.exe
2010-05-23 16:33:26 256512 ----a-w- c:\windows\PEV.exe
2010-05-23 16:33:26 161792 ----a-w- c:\windows\SWREG.exe
2010-05-05 02:11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-05 00:29:50 0 d-----w- C:\Anti_Virus_SW
2010-05-04 23:16:08 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16:08 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16:08 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:16:08 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:15:46 0 d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15:44 0 d-----w- c:\program files\Norton 360
2010-05-04 23:15:36 0 d-----w- c:\program files\NortonInstaller
2010-05-02 01:12:39 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-02 01:12:39 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 01:12:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12:39 0 d-----w- c:\program files\Symantec
2010-05-02 01:12:39 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-02 01:11:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-05-02 01:07:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-02 00:13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39:39 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39:39 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 23:02:53 0 ----a-w- c:\windows\system32\commonpriv.log.lock
2010-05-01 22:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-01 22:54:07 0 d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35:15 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35:10 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:34:40 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33:54 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2010-05-01 14:57:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-01 14:14:49 0 ----a-w- c:\windows\system32\drivers\SET101.tmp

==================== Find3M ====================

2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-05 19:02:04 456704 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 14:01:16.31 ===============
 
Hi,

Please run ComboFix again and let it install the Recovery Console. Post back the results.
 
ComboFix 10-05-22.03 - LT 05/23/2010 19:17:09.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.780 [GMT -4:00]
Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\LT\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 22:10 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Aim6"="" [BU]
"Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5030:TCP"= 5030:TCP:Services
"3265:TCP"= 3265:TCP:Services
"6374:TCP"= 6374:TCP:Services
"3937:TCP"= 3937:TCP:Services
"5089:TCP"= 5089:TCP:Services
"8678:TCP"= 8678:TCP:Services
"3356:TCP"= 3356:TCP:Services
"5212:TCP"= 5212:TCP:Services
"2398:TCP"= 2398:TCP:Services
"3296:TCP"= 3296:TCP:Services
"3179:TCP"= 3179:TCP:Services
"4858:TCP"= 4858:TCP:Services

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
S2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
S2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
S2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
S2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amtrak.com\vpn
TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(332)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(1672)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-05-23 19:28:43
ComboFix-quarantined-files.txt 2010-05-23 23:28
ComboFix2.txt 2010-05-23 17:56

Pre-Run: 78,803,447,808 bytes free
Post-Run: 78,745,735,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D71B3F980CD649900DF66C4AA10641D0
 
Hi,

Removed those double posts of yours.


It seems that you installed the recovery console meant for XP Home Edition while yours is the Professional one. We have to replace the wrong console version with the correct one. Follow the "Removing the Recovery Console" part here. Then install the correct recovery console here with ComboFix. Post back the ComboFix log.
 